Apple today released QuickTime 7.6.2 with fixes for a variety of security vulnerabilities, some of which could lead to arbitrary code execution attacks.
The update, available for Mac OS X, Windows XP and Windows Vista, covers a total of 10 documented vulnerabilities that could be exploited via booby-trapped movie, video, image and audio files.
Here are the details:
- CVE-2009-0188: A memory corruption issue exists in QuickTime’s handling of Sorenson 3 video files. This may lead to an unexpected application termination or arbitrary code execution.
- CVE-2009-0951: A heap buffer overflow exists in the handling of FLC compression files. Opening a maliciously crafted FLC compression file may lead to an unexpected application termination or arbitrary code execution.
- CVE-2009-0952: A buffer overflow may occur while processing a compressed PSD image. Opening a maliciously crafted compressed PSD file may lead to an unexpected application termination or arbitrary code execution.
- CVE-2009-0010: An integer underflow in QuickTime’s handling of PICT may result in a heap buffer overflow. Opening a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution.
- CVE-2009-0953: A heap buffer overflow exists in QuickTime’s handling of PICT images. Opening a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution.
- CVE-2009-0954: A heap buffer overflow exists in QuickTime’s handling of Clipping Region (CRGN) atom types in a movie file. Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution.
- CVE-2009-0185: A heap buffer overflow exists in the handling of MS ADPCM encoded audio data. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution.
- CVE-2009-0955: A sign extension issue exists in QuickTime’s handling of image description atoms. Opening a maliciously crafted Apple video file may lead to an unexpected application termination or arbitrary code execution.
- CVE-2009-0956: An uninitialized memory access issue exists in QuickTime’s handling of movie files. Viewing a movie file with a zero user data atom size may lead to an unexpected application termination or arbitrary code execution.
- CVE-2009-0957: A heap buffer overflow exists in QuickTime’s handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution.
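Several of the entries above (the integer underflow, the sign extension issue, the zero atom size) are length-handling bugs. As an added illustration that is neither Apple's code nor a reconstruction of the actual flaws, this is how a parser can validate an atom header before using its size. It assumes the QuickTime atom layout of a 32-bit big-endian size (header included) followed by a 4-byte type; the function names and sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum atom_status { ATOM_OK = 0, ATOM_TRUNCATED = -1, ATOM_BAD_SIZE = -2, ATOM_OVERRUN = -3 };

/* Read a big-endian 32-bit value. Bytes are uint8_t on purpose: with plain
 * (possibly signed) char, a byte >= 0x80 would sign-extend when widened. */
static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Validate the atom header at buf[off]; report its type and payload length.
 * Assumed layout: 4-byte size (header included), then 4-byte type. */
int parse_atom_header(const uint8_t *buf, size_t len, size_t off,
                      uint32_t *type, size_t *payload_len)
{
    if (off > len || len - off < 8)
        return ATOM_TRUNCATED;          /* no room for size + type */
    uint32_t size = read_be32(buf + off);
    /* size < 8 covers 0 and 1 (special values this narrowed parser does not
     * support) and every case where size - 8 would wrap to a huge unsigned. */
    if (size < 8)
        return ATOM_BAD_SIZE;
    if (size > len - off)
        return ATOM_OVERRUN;            /* declared size exceeds the buffer */
    *type = read_be32(buf + off + 4);
    *payload_len = (size_t)size - 8;    /* safe: size >= 8 checked above */
    return ATOM_OK;
}

/* Constructed sample inputs (not taken from any real file). */
static const uint8_t sample_ok[]   = {0, 0, 0, 12, 'u', 'd', 't', 'a', 1, 2, 3, 4};
static const uint8_t sample_zero[] = {0, 0, 0, 0,  'u', 'd', 't', 'a'};
static const uint8_t sample_tiny[] = {0, 0, 0, 4,  'c', 'r', 'g', 'n'};
static const uint8_t sample_big[]  = {0x80, 0, 0, 0x10, 'c', 'r', 'g', 'n'};

int main(void)
{
    uint32_t type = 0; size_t n = 0;
    printf("ok=%d\n",   parse_atom_header(sample_ok, sizeof sample_ok, 0, &type, &n));
    printf("zero=%d\n", parse_atom_header(sample_zero, sizeof sample_zero, 0, &type, &n));
    printf("tiny=%d\n", parse_atom_header(sample_tiny, sizeof sample_tiny, 0, &type, &n));
    printf("big=%d\n",  parse_atom_header(sample_big, sizeof sample_big, 0, &type, &n));
    return 0;
}
```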